Google has seen fit to slow down its publishing process for applications in an effort to stop a phishing attack from repeating itself. Previously, a phishing attack has been abusing the sign-in system by using fake a fake form of the Google Docs application.
Knowing this, Google has also announced any developers that there will be new rules and processing systems used to make sure that any other such situations be avoided. This will potentially cause some problems to the publishing process for applications. Henceforth, applications that request data from users will have to go through a week-long review process before they can be approved for any sign-in services belonging to Google. According to Google, “Until the review is complete, users will not be able to approve the data permissions, and we will display an error message instead of the permissions consent page,”. They also informed us that, ‘’ “You can request a review during the testing phase to open the app to the public. We will try to process those reviews in three to seven business days. In the future, we will enable review requests during the registration phase as well.”.
The previous phishing attack targeted the OAuth login website. This is where any third-party applications can request their access to all the functionalities that Gmail has. Here are included functions like send, read, manage and delete emails. The attack created a fake Google Doc application which attempted to fool its recipient in to offering any permission it had to the actual Google login page. Once this has been done, it would then spread to any of the contacts in the victim’s list.
This situation has caused some uproar from the Google users to better control who can get access to the third-party application page. They requested that a more efficient job be done on the vetting process for app developers.